My host is getting ready to roll out PHPsuexec on all servers. This means that no directories on the server will be allowed anything more than 755 permissions. How will this affect phpLD, and am I going to run into problems when they finally make the change to my server?

PHPsuexec is a nightmare for any webmaster who runs scripts.
Mod rewrite commands from an htaccess file will not function as well as other problems.
IMHO get away from that host as fast as you can.

Content visible to registered users only.
You know what you need for a phpLD installation...
777 permissions :roll:

If you can't get away from that server, try to change the script so it won't cache anything, so you don't need to chmod temp folder and it's subfolders.

But...best it would be to change your server.

Boby

Content visible to registered users only.

It should not effect anything as long as you modify the files accordingly. The only difference will be that you can not have php calls in your .htaccess files and you need to move that to a php.ini file instead. You also need to make sure the file permissions are no higher than 644 for php files and 755 for catalogs. 644 is more than enough for any file requiring 777 permissions but you do not expose yourself to potential harm in the way a 777 do.

Content visible to registered users only.

Running PHPSUEXEC makes little to no effect on php scripts. I have well over 200 different scripts operating under PHPSUEXEC without any problems. The only problem you would run into is if you are not used to handling CHMOD permissions and the host has not given clear instructions on how they should be handled when installing scripts. PHPSUEXEC has no effect on Mod rewrite in .htaccess files, only .httacces files containg php syntax which can be removed and added in a php.ini file instead.

If your host does not have PHPSUEXEC, Mod_evasive and Mod_security installed you should run because sooner or later that server will be compromised. Trust me, I deal with 2-5 webhosts daily that have been hacked into and now host material used to break into other webservers or setup phishing/spam scripts...They all get caught in my security and smashed before I track them down and report them.


Content visible to registered users only.

On a server with PHPSUEXEC you don't need any file set at all...it will autmaticly set to 644 or 755 and it works perfectly :) Its just abit more secure ;)

I agree with some statements but not all

"If your host does not have PHPSUEXEC, Mod_evasive and Mod_security installed you should run because sooner or later that server will be compromised."

wrong Only one I use in that list is MOD_SEC on any server I control and there are alot in the dc I work with also that do not run anything but that.
If you are a cheap host that caters to the kiddies well then we know you are constantly having the dc handle the attacks. mod_evasive sounds good and looks great in text on a page but it is limited to how much juice the box actually has and in fact usually ends up causing paying customers headaches in cases of using many popular scripts that allow bulk uploading in the admin part. No apache module is going to be able to block a dos attempt on a server. I can prove this in less than 10 minutes :)

phpsuexec is ok works ok causes you headaches in support with users who dont understand what it is. A bit more secure... well it makes it easier to find the account that just got compromised and is now running the latest greates in spammer scripts :)

im not a server guy, but i just installed phpLD on a PHPsuexec server!
and wrks gr8! ... no edit to no file!

M.

Content visible to registered users only.

This is why I keep sending out emails to server owners of all levels...
PHPSUEXEC and mod_security is set to prevent malicious script insertions and the abuse of insecure script permissions and if you use something else to protect against that, then that is your choice. I have seen far to many webservers infected and defaced because the server was not protected with such easy measures. Lets face it...just because you as the owner know what you are doing does not mean your clients do, regardless of size and reputation. Its up to you to protect them from themselves.

Naturally you would not use Mod_security alone, but it is a nice addition to whatever ddos protection you already have wether its hardware or software based.

If you are having problem with clients asking for support after adding PHPSUEXEC is causing you problems maybe you are not giving them the information in the best way or have more clients than your support can handle? I am blessed with an almost mute client base to the point where I have to poke them now and again to see if they are actually alive so I can not really give you a fair judgement on how much extra work it may add to support if implementing PHPSUEXEC. I find that Kayako's system where clients get related information while posting a support ticket drasticly reduce tickets though as do newsletters and on site information. Then again I am very pro-active because I am a single person business and need to make sure everything is available for clients.



Still...we are drifting from the subject and the discussion on how to secure your server is perhaps best continued elsewhere :)
PHPLinkDirectory works just as well under PHPSUEXEC as it does on a server without :)

True we do digress.
Should discuss this in another thread.